CEOCFO Magazine, PO Box 340
Palm Harbor, FL 34682-0340
Phone: 570-851-1745

Email: [email protected]

Weekly Digital Publication IN-DEPTH INTERVIEWS WITH Top   CORPORATE EXECUTIVES (570) 851-1745 info@ceocfocontact.com FIND INTERVIEWS AND ARTICLES

Business Services
Medical/Biotech
Technology
Cannabis
Financial
Capital
Resources
Public Companies
Government Services

Clean Tech

Industrial
Canadian

Global



Lynn Fosse, Senior Editor

Steve Alexander, Associate Editor

Bud Wayne, Editorial Executive

Christy Rivers - Editorial Executive

INTERview













Defending an IT, or an OT, Network with Deception Technology


Francesco Trama

CEO & Founder


PacketViper

www.packetviper.com


Contact:

412-368-2077

[email protected]


Interview conducted by:

Lynn Fosse, Senior Editor, CEOCFO Magazine

Published – December 16, 2019


CEOCFO: Mr. Trama, what is the focus behind PacketViper?

Mr. Trama: Our goal from the beginning has been to use time-tested tactics of deceiving and misleading adversaries to deliver better overall security and alleviate the security operations burdens that hamper security teams of all sizes. Because I was previously a network administrator, I have a real appreciation for the day-to-day challenges of security leaders and teams. This empathy drives us to focus on delivering practical, high-impact security results to our clients. There are a lot of effective tools and solutions out there but we pride ourselves on delivering great value to our customers. This colors everything we do.  


CEOCFO: What do you understand at PacketViper about security that others miss?

Mr. Trama: Cybersecurity presents such a dynamic and complex challenge, and this is true whether you are defending an IT or an OT network, and PacketViper is equally effective in either situation, unlike a lot of IT security solutions. But back to your question, so much of what typically drives cybersecurity practices is reliant upon what has happened in the past.  While there are certainly lessons to learn from the past, I’m always reminded of the investments disclaimer “past performance does not guarantee future results.” We can’t forget that the bad guys also study history, they have access to the same intelligence, and they are changing their approaches faster than we can keep up. Their past attack patterns do not always inform future attack strategies. That being said, I think there is an opportunity to more effectively deal with things in real-time, based on the here and now. Doing so requires an approach to security that is more proactive than a lot of typical solutions, and it demands that we push more dynamic defenses out to the frontline. Our team sees an opportunity to more aggressively defend networks at the earliest stages of the cyber kill chain. We need to get off of our heels and lean in more, but this requires a different approach. One last point on this, as a part of that different approach, we have to shift the narrative from an over-emphasis on tools and do a better job of breaking down attack patterns and putting forth more effective counter-measures to the adversaries. We think that a deception-based approach can enable a lot of what I’m talking about.


CEOCFO: What have you developed to alleviate the problem?

Mr. Trama: What we have is a deception-based solution that solves important security problems while complementing the traditional security stack. It was important to us to not go into the market to try and replace something. People have spent lots of budget on traditional security stack solutions that are performing important duties. But we still need to do better.


Our tagline, “lightweight deception, heavyweight results,” pinpoints the core message of our solution as it delivers tremendous value without complexity. Security in general is too complex and if solutions have to add complexity to keep their brand promise that makes things tough on the customer. So, whether our clients are relying on PacketViper to defend IT or OT networks, we use deception to detect, prevent and respond to threats internally and externally. In all PacketViper use cases, we know that introducing deception at the earliest stages of the attack cycle provides the best opportunity to thwart attackers. This is equally true whether you are trying to prevent outside threats from getting onto the network or if you are trying to reduce dwell time and eliminate internal threats.

 

I’ll expand on some of those points for proper context. First, we want to take it to the threats that are outside of the network and seeking to penetrate traditional, static border defenses. Typically, the attack efforts start with reconnaissance scans. For this use case we sit in in-line, in front of the firewall and we put decoys on the network edge that present the appearance of vulnerabilities and/or available services that really are not there, but they are enticing to attackers. These exterior facing decoys make the network very hard to size-up, which is essential for attackers when they are getting started. Then, just when the attacker thinks they have a read on a way in, we rotate the decoys, creating the appearance of movement out at the network edge. This is a powerful way to obfuscate the network.  


Finally, because we are frequently deployed in-line, we can harvest the intelligence from the threat and write a rule in real-time to not only block that connection attempt, but also prevent them from coming back and trying again. We like to think of this as a kind-of poor man’s deception-based threat hunting at the network edge. But whatever you call it, it is extremely effective.


We also have a solution for the inside of the network. Because we have such a lightweight deployment model, we can saturate internal network segments with decoys and sensors that reduce dwell time catch lateral moving threats within the network. Furthermore, because of that focus we have on practical results, just like the way we actively block the bad guys that are outside from getting in, we can also take a variety of actions on the threats on the inside. These actions could include a very high-fidelity alert, slowing down the concerning traffic or even outright blocking the threat. This outbound block is very valuable in terms of protecting against data exfiltration and very effective in stopping certain types of ransomware from establishing that command and control communication they depend on.  


This lean-in approach is extremely effective in responding to threats, getting a lot of noise off the network and helping to settle down security operations.   


CEOCFO: How do you deceive an attacker?

Mr. Trama: Our way of deceiving attackers is different than some of the other players in the category and completely unlike a traditional honeypot, which is what most people think of when they think of deception. There are also some proprietary methods that factor in, but I’ll do my best to explain briefly. Our deception is lightweight, agentless and does not require some shadow network infrastructure. Because with deception, if the method allows for it, more is certainly better and we enable that.  We can easily saturate the perimeter and internal network segments with decoys that create treacherous paths for connections working outside of normal operating ranges, making the actual network and available services much harder to detect. Our software-based decoys and responses can simulate whatever assets make the most sense for the client environment and they are highly believable to the attackers. It’s important to note that these software-based decoys and sensors are not services that can be exploited for use against the host. They perform a brief interaction and generate a quick revealing reaction from the attacker. This intelligence is automatically gathered and applied to strengthen defense as I mentioned earlier.


CEOCFO: I see from your website that you work in virtually every industry. What might be different in the approach from one industry to the next?

Mr. Trama: While it is true that security practices and approaches vary across industries, a lot of the principles we are discussing here are fundamental and cut across verticals. That’s why you see such a diverse mix in our client base. As far as the PacketViper approach, the types of decoys and deception artifacts will vary from one industry to another depending on what needs to be simulated to entice the threats. And then, depending on the nature of what is being protected, we do see certain types of businesses building out more robust deployments and elaborate deception environments than others. It’s not uncommon for us to see a healthcare organization that has to factor in things like HIPAA, or some other type of regulated industry seeking to be more aggressive with their deployments than other types of customers in non-regulated sectors.    


CEOCFO: When an organization is looking to make a change, how do they find PacketViper? What is the competitive landscape?

Mr. Trama: It is definitely a challenge to try and stand out today in IT security because it is such a noisy and crowded space. We have a sharp marketing team and we do a lot of the normal and customary things to stand out and be found by people looking to make a change. It can be tough, but what we know who our market is, we know who we have to talk to in terms of executive leadership, network and security teams. We rely on channel partners to help us go to market but we also assume a lot of responsibility for getting our message out there. As many people do, we go to a lot of events to help boost brand recognition. We do some of the large customary events, and we also like to attend smaller events that allow us a better chance to talk to the networking engineers also, and the folks on the frontlines. We do small conferences across the country where I will sit up and speak and talk to them about deception technology and the problems we can help solve in network security.   


CEOCFO: What is involved in an implementation?

Mr. Trama: Implementations are relatively simple and we can typically demonstrate measurable value in the first 30-90 days depending on the use case. For that reason, and as you might expect, we see a lot of customers doing proof of concept evaluations. There are multiple deployment models including on-premise, cloud and virtual instances. In either case we are very hands-on for our implementations and make sure that the customer is seeing real value before turning over the keys to them or a service provider. Once PacketViper is configured, you are talking about maybe a few hours a month to keep things fine-tuned and optimized. And if need be, we have a professional services team that can help with that optimization.  


CEOCFO: What type of reporting do you do and how do you pass on the information to the client about what you are finding and protecting. Do they care?

Mr. Trama: Absolutely, they do care. Security is about getting all the right information in the right time to make the best decisions. We do have two types of reporting modules inside PacketViper. We have a reporting module where the customer can schedule normal reports that tell them about traffic conditions, countries, the companies that are accessing different things within and that is set up in an automated fashion. Because PacketViper actually stores its own logs, we do not have to integrate with other systems, but we can if the customer would like to, and many do, especially those with a SIEM. We also have another module for detailed incident or exception investigations called the Advanced Analytics. What that tool is used for is to generate a more specific forensics report around a narrow period of time.  


CEOCFO: Would PacketViper replace other security measures or would it work in conjunction as another layer?

Mr. Francesco: I am a firm believer in a layered approach to defense and as I mentioned earlier, we are not here to render prior spends on other technologies useless, so we definitely take pride in being an additional layer that makes other solutions more effective. As an example, it is not uncommon for our customers to be partially through the depreciation schedule of their firewalls and at their capacity for rules. Or maybe they are seeking to unclutter their SIEM solutions by reducing the unwanted clutter from lower value logs such as the firewall drops. Finally, we typically see clients trying to make the analysts job easier by reducing the size of the proverbial haystack, so the needles stand out better.  In all of those situations, we deliver real, tangible complementary benefits. Our exterior facing deception typically gets up to 70% of the traffic away from the firewall. This settles things down greatly at the perimeter and that benefit carries on downstream to less clutter in the SIEM. And depending on the circumstances and specifics of the use case, this also could yield a favorable, hard dollar ROI.


CEOCFO: You spent twelve years in the military. What did you learn that helped you in the business world?

Mr. Trama: When I was in the military, I did two years of combat and the rest was thankfully a somewhat less stressful tour in Hawaii, which was great. I reflect back on my experience in the Army frequently when I think about my role as a leader in business and also as we strategize around our product roadmap. In terms of leadership, while in the military I was exposed to a lot of high-stress situations and we were repeatedly challenged to solve complex problems, with incomplete information in teams of people. I think that experience was invaluable in preparing me for the business world because the reality is, despite the best laid plans, things are going to go wrong and you have to work as a team on strategic issues. So, in terms of keeping our team aligned and focused, I could not have imagined a better background that the experience I got in the Army to get me ready to be a business leader. As it relates to our approach to solving network defense problems for our customers, the Army taught me to not back down in times of conflict and to lean into conflict for swifter resolution. These principles inform our overall product strategy and keep me grounded in just how impactful a deception-based approach can be in our product strategy.    


CEOCFO: Why choose PacketViper?

Mr. Trama: Deceiving adversaries in times of conflict has been a proven tactic dating back to the beginning of recorded history. The problems we are talking about here are pretty universal and traditional cyber solutions, even those from the biggest brands, are known to have limitations. PacketViper delivers measurable benefits, it’s a great value and our deals are frequently done with risk-free satisfaction guarantees. So with that I’d turn the question around and ask, if you’ve got some big brand cybersecurity solutions in your stack and still feel like your security posture could be stronger but you don’t want to break the bank, well then why wouldn’t you try PacketViper?


PacketViper, Cyber Threat Detection, Cybersecurity Agentless, Francesco Trama, Defending an IT, or an OT, Network with Deception Technology, CEO Interviews 2019, Technology Companies, Business Services Company, Cyber Disruption Technology, Disrupt Cyber Attackers, Agentless Deception, Deception Technology, External Deception Tools, software-based decoys and believable responses, cyber attack prevention, confuse attackers, automatically block threats, prevent threats, internal threat detection, internal decoys, cyber attack deception tools, PacketViper Press Releases, News, Twitter, Facebook, Linkedin

“In all PacketViper use cases, we know that introducing deception at the earliest stages of the attack cycle provides the best opportunity to thwart attackers. This is equally true whether you are trying to prevent outside threats from getting onto the network or if you are trying to reduce dwell time and eliminate internal threats.”- Francesco Trama

HOME

CURRENT ISSUE

INTERVIEW INDEX

CEOCFO SERVICES

CEOCFO MOBILE